Self encrypting drives (SEDs) usually employ hardware to encrypt and decrypt user data during write and read operations, respectively. Encryption and decryption are accomplished using a media encryption key (MEK). The MEK is normally a function of logical block address (LBA), where an entire LBA space is subdivided into several LBA ranges (referred to as “data bands” or simply “bands”) with a unique MEK for each band. Because of hardware limitations, the number of bands that an SED can support without serious performance degradation is limited (16 would be a reasonably high number). Having more active bands than the number of LBA ranges supported by hardware will have a negative effect on performance due to constant key swapping. From a perspective of a host in a traditional implementation, user data to which the host has access control under a single authentication key (AK) needs to be contiguously stored in a single LBA range. The single LBA range or band limitation makes it difficult for certain types of applications (like Virtual Machines—VMs) to benefit fully from SED deployment, because VMs might need many (perhaps, thousands) of bands to enable more flexible and efficient usage of the storage device.
It would be desirable to have virtual bands concentration for self encrypting drives.